Detection and response capabilities across email and endpoints





Organizations today face an onslaught of new and stealthy threats that are constantly
evolving to bypass existing security measures. Having advanced detection and response
capabilities, in addition to advanced protection, is essential to eliminate or minimize the
impact of threats that do make it through defenses. Endpoint detection and response
(EDR) is a great tool to detect threats that have landed on an endpoint, investigate the
root cause, and mitigate the impact, but with its targeted focus on endpoints, EDR can't
see or influence important parts of the attack path. For example, while EDR can identify
that a threat came into the organization via email, it can't offer key details on the scope
of compromised accounts, and hence can't remove or stop the spread of the threat.

Given that 94 percent of malware incidents come from email, combining email with
endpoint detection and response is a powerful capability.

Protection Points

* Microsoft® Windows®
* Mac
* Microsoft Office 365 (Microsoft® Exchange® Online, OneDrive for Business, SharePoint Online, Teams)
* Google G Suite™ (email, Google Drive)








TREND MICRO XDR FOR USERS 


Trend Micro™ XDR for Users is a complete software-as-a-service (SaaS) offering that 
includes protection, detection and response across endpoints and email through 
Trend Micro Apex One™ and Trend Micro™ Cloud App Security solutions. It also includes 
Trend Micro Apex Central™, a centralized management console where users can view
all available detection and threat information and perform investigation tasks like
indicators of compromise (IoC) sweeping, root cause analysis, and threat hunting. With
XDR for Users, customers can respond more effectively to threats, minimizing the 
severity and scope of a breach. 














[Diagram: Apex Central (centralized visibility, investigation); cloud data lake (activity data, alerts); Trend Micro™ Apex One™ SaaS and Cloud App Security; Trend Micro™ Endpoint Sensor, XDR Edition; MDR Service]





[1] 2018 Data Breach Investigations Report, Verizon 2019

ADVANCED THREAT PROTECTION


* Apex One leverages a blend of modern threat techniques to provide the broadest
protection against all types of threats. It offers highly-tuned endpoint security that
maximizes performance and effectiveness.

* Cloud App Security provides advanced threat protection for email and cloud file
sharing. It is an API-integrated solution that works with Microsoft or Google security
or third-party email gateways to add malware detection, credential phishing detection,
business email compromise (BEC) impersonation detection, and internal email and
file sharing protection (Microsoft® OneDrive® for Business, Microsoft® SharePoint®
Online, Box, Dropbox™, Google Drive™).

* Strong and integrated endpoint and email threat protection reduces the number
of threats that get through in the first place, resulting in fewer events to
investigate and respond to.

* Leveraging integration into endpoint and email solutions native to Trend Micro results
in more effective analytics and threat prioritization compared to what is achievable
with third-party integrations.


CONSOLIDATED DETECTION, INVESTIGATION, AND RESPONSE


* By connecting endpoint detection information and Microsoft® Office 365® email,
XDR for Users provides more insightful investigations, connecting the dots across
security layers and taking into account email, which is the number one attack source
for organizations today.

* XDR for Users enables an integrated root cause analysis so a security analyst can identify
which attacks started with an email and can automatically search inboxes to find other
facets of the attack (e.g. who else received the malicious email and if the malicious
attachment or URL is in other users' inboxes). By proactively identifying and addressing
these undetonated threats, organizations can prevent any additional spread and damage.


SINGLE CONSOLE


* Apex Central console provides a single view across endpoint and email security layers,
eliminating data silos and giving IT teams wider visibility to clearly and quickly identify
threats and to action the appropriate response.

* A single console for visibility and investigation collapses the time it takes to detect,
contain, and respond to threats, minimizing the severity and scope of impact.


HOW IT WORKS 


1. Endpoints with Apex One Endpoint Sensor SaaS, XDR Edition enabled, and
Office 365 emails with Cloud App Security will record system behaviors, user
behaviors, and communications.

2. Activity data (i.e. endpoint telemetry, email metadata, etc.) and detection data
from these endpoints and emails are sent to the Trend Micro XDR data lake.

3. When a detection is made, investigators can search through the data to analyze
the impact of the detection to understand how far it has spread and who else has
been compromised.








[Screenshot: search results table listing user name, endpoint, IP address, and first-seen time]

Key Protection Capabilities


* High-fidelity machine learning (pre-execution and runtime)
* Behavioral analysis (against scripts, injection, ransomware, memory, and browser attacks)
* Web reputation
* Exploit prevention (host firewall, exploit protection)
* Command and control (C&C) blocking
* Vulnerability protection
* Application control
* DLP
* Device control
* Sandbox and breach detection integration
* Endpoint encryption (requires separate agent)
* Inbound and internal phishing protection
* Credential phishing detection with computer vision
* Business email compromise detection with writing style analysis





4. A full root cause analysis allows investigators to understand the cause of the
detection and immediately implement a response that includes remediating
affected systems and updating Apex One and Cloud App Security to block
similar attacks in the future.

5. Alternately, before a detection, investigators can search for indicators of attack
(IoAs) by searching using various parameters or with IoCs and YARA rules.

[Screenshot: Apex Central™ as a Service root cause analysis view addressing "Who else received this email?" and "Is this malicious file in other mailboxes?", with fields for recipients, received time, attachments, embedded links, and message ID, and an attachment shown as found in 36 user mailboxes]

Key Detection and Response Features

* IoC sweeping
* IoA hunting
* Root cause analysis
* Impact analysis
* Automated response
* Open APIs and custom intelligence











TREND MICRO™ MANAGED XDR SERVICE 


Alleviate constraints on security operations teams 





* With Managed XDR, customers can get the advantages of XDR, leveraging the resources and
knowledge of Trend Micro security experts who are skilled in investigating advanced threats.

* Provides 24/7 alert monitoring, alert prioritization, investigation, and threat hunting services to
Trend Micro customers as a managed service.

* Depending on the Trend Micro products in the environment, the Managed XDR service can
collect data from not only endpoints and email, but also network, server, and cloud, to
correlate and prioritize alerts and system information and determine a full root cause analysis.

* Threat investigators take the burden of investigations and provide a full incident report and
remediation plan so your internal teams can more easily and quickly know what has happened,
along with the impact and the necessary remediation steps.

